Pages

Saturday, October 29, 2011

Of late sophisticated Malware have entered into the cyber crime market place. Whether it is state sponsored or private profiting, Malware is becoming a good choice for all. The evolution of Malware is also happening in an innovative, constant and quick manner.

From Stuxnet to the latest Malware Duqu the trend in this regard is absolutely clear. If nations are not well prepared on the front of cyber security, critical infrastructures would be vulnerable. While this is not a situation that requires a paranoid reaction yet this is at the least a wake up call for ensuring strong and robust cyber security.

In order to analyse the Duqu Malware, Indian officials from department of information technology (DIT) have recently seized computer equipment from a data center in Mumbai. They took several hard drives and other components from a server that was communicating with computers infected with Duqu.

While detailed investigation is still going on yet preliminary examination suggests that Duqu was developed by sophisticated cyber criminals to help lay the groundwork for attacks on critical infrastructure such as power plants, oil refineries and pipelines, etc. It is suspected to be another incidence of state sponsored cyber attack tactics to test future cyber capabilities.

Duqu, so named because it creates files with "DQ" in the prefix, was designed to steal secrets from the computers it infects. The target includes design documents from makers of highly sophisticated valves, motors, pipes and switches.

Indian government has been launching projects without proper procedural safeguards and parliamentary scrutiny. These projects and authorities are openly violating the human rights in cyberspace but Indian government is not deterred by this issues.

It is only after the United Nations has declared that access to Internet is a human right that Indian government is thinking about civil liberty issues in cyberspace. In order to confer legitimacy to projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc, they must be supported by a techno legal framework. Presently, none of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

For some strange reasons, Indian government has been ignoring enactment of good techno legal privacy laws in India. Various governmental ministries have started the exercise of enacting the privacy law for India time to time but ultimately none of them materialised. These exercises proved to be futile and till now we are still waiting for the enactment of sufficient and strong privacy laws in India.

Privacy rights in India in the information age are too important to be ignored. Surprisingly, Indian government is deliberately keeping privacy protection at distance even if the constitution of India protects privacy rights of Indian citizens/persons.

For instance, India has launched Projects like Aadhar, National Intelligence Grid (NATGRID), Crime and Criminal Tracking Network and Systems (CCTNS), National Counter Terrorism Centre (NCTC), Central Monitoring System (CMS), Centre for Communication Security Research and Monitoring (CCSRM), etc. None of them are governed by any Legal Framework and none of them are under Parliamentary Scrutiny.

In short, the unwritten, but widely followed, national privacy policy of India is not only negative in nature but is also violative of various provisions of Indian constitution. Time has come to enact a good techno legal national privacy policy of India.

Even basic level cyber security awareness in India is missing. Government employees use governmental computers with great casualness. In many cases this results in installation of Malware on the governmental computers and thereby compromises the national security and cyber security of such computers.

There are many good open source tools that can help in ensuring good cyber security in India and investing in commercial software is an option and not compulsion. Still India needs expertise to use these open source software and in the absence of the same cyber security has been neglected to a great extent. Let us hope Indian government would wake up to this much needed reality very soon.

Monday, October 3, 2011

Cyber warfare is a concept that is still haunting the international community. The situation is so serious that north atlantic treaty organisation (NATO) has sought stronger cooperation with India to counter growing cyber threats.

Cyber warfare is still a murky area as different countries deal with cyber attacks and cyber warfare attacks differently. While countries like US are considering it as an act of aggression on the footing of war yet other countries are taking divergent views. However, all countries are willing to use every possible cyber capabilities as preventive and curative cyber methods.

The situation is equivalent to a wake up call and Indian government must take urgent steps to strengthen Indian cyber security. The sooner it is adopted the better it would be for a safe and secure cyberspace of India.

Cyber security is an area that cannot be ignored by India. Cyber security in India has still not been paid enough attention. As a result important departments and computers of Indian governments are frequently breached and compromised.

India is poor at cyber security for numerous reasons. First and foremost being that cyber security policy of India is still missing. Till cyber security is considered at the policy level not much can be achieved.

However, politicians in India have no time for cyber security. Lack of political will towards a crucial topic like cyber security is evident when we have no national cyber security policy of India.

Another factor that has resulted in poor cyber security in India is the growing incidences of industrial lobbying in India. Industrial lobbying is not allowing a strong cyber law and cyber security framework in India. Companies that may be required to follow stringent cyber law and cyber security practices are lobbying to make them redundant and powerless and Indian government is obliging the same.

India has waited for too long for an effective, robust and implementable cyber security policy. A national cyber security policy of India must be implemented as soon as possible for the larger interest of India and ignoring the same any further would only be counter productive.